CISA releases 6 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

ICS-CERT released the following 6 advisories today, June 28, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

This advisory contains mitigations for an Incorrect Default Permissions vulnerability in ABB e-Design engineering software.

This advisory contains mitigations for Cleartext Transmission of Sensitive Information, Insufficient Verification of Data Authenticity, and Plaintext Storage of a Password vulnerabilities in Omron SYSMAC CS/CJ/CP Series and NJ/NX Series programmable logic controllers.

This advisory contains mitigations for a  SQL Injection, Missing Authentication for Critical Function, Relative Path Traversal, and Command Injection vulnerabilities in Advantech iView management software.

This advisory contains mitigations for a missing authentication for critical function vulnerability in the Motorola Solutions MOSCAD IP and ACE IP Gateways products.

This advisory contains mitigations for Use of a Broken or Risky Cryptographic Algorithm, and Plaintext Storage of a Password vulnerabilities in the Motorola Solutions MDLC protocol parser.

This advisory contains mitigations for Use of Hard-coded Cryptographic Key, Use of Hard-coded Credentials, and Insufficient Verification of Data Authenticity vulnerabilities in the Motorola Solutions ACE1000 remote terminal unit.